While there is no evidence at this time that credit card data was
taken, we cannot rule out the possibility.

It essentially then went on to tell people that they were on their own and that
it was customers' own responsibility to protect themselves from credit fraud.

Now it appears the worse case scenario is indeed playing out -- according to recent forum posts, a database with "a large
section of the PSN database containing complete personal details along (with
credit card numbers)...are being offer (sic) up for sale."

And to anyone who thinks I was involved in any way with this, I'm
not crazy, and would prefer to not have the FBI knocking on my door. Running
homebrew and exploring security on your devices is cool, hacking into someone
elses server and stealing databases of user info is not cool. You make the
hacking community look bad, even if it is aimed at douches like Sony.

...

...the fault lies with the (Sony) executives who declared a war on hackers,
laughed at the idea of people penetrating the fortress that once was Sony,
whined incessantly about piracy, and kept hiring more lawyers when they really
needed to hire good security experts. Alienating the hacker community is not a
good idea.

GeoHot, a self-admitted one-time victim of identity theft, isn't a huge fan of
Sony. He recently settled with the electronics giant
in a lawsuit over his jailbreak of the PS3. Reportedly, GeoHot
essentially scored a big win with the settlement, though precise details
haven't been revealed.

Regardless, this is bad news for Sony and worse news for its customers.
If you have a credit or debit card that you know is filed with service,
you might want to talk to your bank about changing your number as soon as
possible.

Comments

Threshold

Username

Password

remember me

This article is over a month old, voting and posting comments is disabled

You don't always need a CVV2 code for a transaction to go through, even on an internet website. There are plenty of payment processing vendors that require nothing more than a credit card number, exp date (which you can usually make anything that is not yet expired) and an amount to process.

I know PayPal credit card processing services work like this, as do some others I have used in the past.

I am more surprised out of 70 million users only 2 million and change had a CC on file.

That's correct. The credit card companies all make the merchant liable for any fraud, so they give them tools which they can use to decide whether to accept or reject a transaction. The CVV2 code is one. A zip code / address / phone number check is another. All of these are optional security measures that the merchant can choose to use. They are not required for a transaction if the merchant chooses to forgo them.

quote: I am more surprised out of 70 million users only 2 million and change had a CC on file.

IIRC, it's illegal (in the U.S.) to store a credit card number without the cardholder's consent. So probably 70 million used a credit card on PSN, but only 2 million opted to have PSN "remember" their credit card info so they wouldn't have to type it in again.